package com.qfedu.edu.config;

import com.qfedu.edu.filter.AuthFilter;
import com.qfedu.edu.filter.LoginFilter;
import com.qfedu.edu.service.IJwtService;
import com.qfedu.edu.service.ITokenService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringBootConfiguration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutHandler;

/**
 * @author wangchen
 * @title: SecurityConfig
 * @projectName cd-fy-2401-third-project-parent
 * @description: Security的整体的配置文件
 * @date 2024/9/14  9:30
 */
@SpringBootConfiguration
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

   @Autowired
   private PasswordEncoder passwordEncoder;

   @Autowired
   private UserDetailsService userDetailsService;

   @Autowired
   private AuthenticationEntryPoint authenticationEntryPoint;

   @Autowired
   private LogoutHandler logoutHandler;

   @Autowired
   private ITokenService tokenService;

   @Autowired
   private IJwtService jwtService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     //设置UserDetailService的类和散列类
     auth.userDetailsService(userDetailsService)
             .passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.exceptionHandling()
               .authenticationEntryPoint(authenticationEntryPoint)
               .and().csrf().disable()
               .authorizeRequests()
               .anyRequest().authenticated()
               .and().logout().logoutUrl("/users/logout")
               .addLogoutHandler(logoutHandler).and()
               .addFilter(new LoginFilter(authenticationManager(),tokenService))
               .addFilter(new AuthFilter(authenticationManager(),tokenService,jwtService))
               .httpBasic();
    }

    /**
     * 放行swagger
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        //下面需要将 swagger的请求的地址放行 (不需要登陆就能直接访问)
        //在这里需要将swagger的所有的请求路径全部放行
        //所需要用到的静态资源，允许访问
        web.ignoring().antMatchers( "/swagger-ui.html",
                "/swagger-ui/*",
                "/swagger-resources/**",
                "/v2/api-docs",
                "/v3/api-docs",
                "/webjars/**"
                );
    }
}
